On Wed, Mar 14, 2012 at 8:40 PM, Andrei POPESCU <andreimpope...@gmail.com> wrote: > On Mi, 14 mar 12, 20:09:10, Dan wrote: >> >> Interestingly I noticed that chrome/chromium use some kind of sandbox >> to isolate the process that renders the page. That is a good idea for >> security purposes, but it requires to the executable chrome-sandbox to >> have suid root access. > > I'm not very familiar with chrome/chromium, but this sounds wrong. Could > you please point me to where this is documented? > > Kind regards, > Andrei
Hi Andrei, Here you can find the doc for the sandbox: http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox http://www.chromium.org/developers/design-documents/sandbox And some discussion: http://scarybeastsecurity.blogspot.com/2009/10/chromium-and-linux-sandboxing.html The idea is good but in Linux requires root access, which I do not like. It seems that it might be possible use the sandbox in a SELinux environment but I do not know how to do that: http://code.google.com/p/chromium/wiki/LinuxSandboxing Best regards, Dan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAK00fOLJ_61QZQTobxfDBjCLBQKowmCcpAJ7cPZ8hfqsmA=+t...@mail.gmail.com
